The author is a Forbes contributor. The opinions expressed are those of the writer.

Loading ...

Loading ...

This story appears in the {{article.article.magazine.pretty_date}} issue of {{article.article.magazine.pubName}}. Subscribe

Meet The Ukrainian Hackers Targeting The Kremlin's Master Manipulator

There’s a huge debate underway over governments’ demand for companies to provide “backdoors” to communications and devices protected by encryption. This capability would grant law enforcement agencies their own “master keys” capable of cracking private encrypted communications. In other words, it would ultimately help them to better spy on people.

This example of the government conspiring with technology vendors to put in this secret backdoor so they can read things pertaining to national security has totally rattled the computer security community. I understand the desire on the part of law enforcement to break encrypted communication—some reports linked the recent California and Paris attacks to encrypted communications, while other reports don’t. Will the government, with such massive amounts of data, intercept and act on the right information? Even if the government makes a seemingly legitimate claim for national security and does sneaky things such as put a master key into the RSA algorithm, a lot of people are out there who will find a way to stop it.

But for now, the good guys are trying to stop it through discourse. Companies that use these encryption products to secure the private data of their customers say surveillance is wrong. Those that have formally complained include Apple, Google, Facebook, Microsoft, Twitter, and Yahoo.

Apple introduced encryption on the endpoint—the iPad is encrypted, after all—and law enforcement said they were helping criminals. Well, reality check: They are also protecting the majority of people who use their products for the everyday things that define their lives. Encryption provides the privacy and security necessary to keep the digital information used by our companies and our customers secure.

As someone who’s been in the business of security for more than a decade, I know that demanding backdoors to encryption isn’t right—and it’s dangerous. Let me explain: Privacy is a core tenet of our whole society and it’s a basic human right. For a long time the boundary of privacy was your front yard. But that’s all changing. In today’s world, encryption is the new boundary of privacy. Encryption is the new front yard. It’s the new perimeter. It defines what digital information is private and what is public. Today encryption really, really matters. But now, if there are backdoors in encryption, does it mean nothing can be trusted?

No—it does not. So fear not. For every attack there is a counterattack. Even encryption itself can be manipulated, but there’s an antidote to that: crypto-agility. Other technologies are also emerging, including one by researcher Alex Russell at UConn that enables watchdog processes that can ensure the integrity of your encryption. So, companies, continue to embrace encryption and the exciting developments to protect it. You owe it to your customers who trust you.